Results 1  10
of
330
A theory of timed automata
, 1999
"... Model checking is emerging as a practical tool for automated debugging of complex reactive systems such as embedded controllers and network protocols (see [23] for a survey). Traditional techniques for model checking do not admit an explicit modeling of time, and are thus, unsuitable for analysis of ..."
Abstract

Cited by 2651 (32 self)
 Add to MetaCart
(Show Context)
Model checking is emerging as a practical tool for automated debugging of complex reactive systems such as embedded controllers and network protocols (see [23] for a survey). Traditional techniques for model checking do not admit an explicit modeling of time, and are thus, unsuitable for analysis of realtime systems whose correctness depends on relative magnitudes of different delays. Consequently, timed automata [7] were introduced as a formal notation to model the behavior of realtime systems. Its definition provides a simple way to annotate statetransition graphs with timing constraints using finitely many realvalued clock variables. Automated analysis of timed automata relies on the construction of a finite quotient of the infinite space of clock valuations. Over the years, the formalism has been extensively studied leading to many results establishing connections to circuits and logic, and much progress has been made in developing verification algorithms, heuristics, and tools. This paper provides a survey of the theory of timed automata, and their role in specification and verification of realtime systems.
The algorithmic analysis of hybrid systems
 THEORETICAL COMPUTER SCIENCE
, 1995
"... We present a general framework for the formal specification and algorithmic analysis of hybrid systems. A hybrid system consists of a discrete program with an analog environment. We model hybrid systems as nite automata equipped with variables that evolve continuously with time according to dynamica ..."
Abstract

Cited by 778 (71 self)
 Add to MetaCart
We present a general framework for the formal specification and algorithmic analysis of hybrid systems. A hybrid system consists of a discrete program with an analog environment. We model hybrid systems as nite automata equipped with variables that evolve continuously with time according to dynamical laws. For verification purposes, we restrict ourselves to linear hybrid systems, where all variables follow piecewiselinear trajectories. We provide decidability and undecidability results for classes of linear hybrid systems, and we show that standard programanalysis techniques can be adapted to linear hybrid systems. In particular, we consider symbolic modelchecking and minimization procedures that are based on the reachability analysis of an infinite state space. The procedures iteratively compute state sets that are definable as unions of convex polyhedra in multidimensional real space. We also present approximation techniques for dealing with systems for which the iterative procedures do not converge.
The Theory of Hybrid Automata
, 1996
"... A hybrid automaton is a formal model for a mixed discretecontinuous system. We classify hybrid automata acoording to what questions about their behavior can be answered algorithmically. The classification reveals structure on mixed discretecontinuous state spaces that was previously studied on pur ..."
Abstract

Cited by 685 (12 self)
 Add to MetaCart
A hybrid automaton is a formal model for a mixed discretecontinuous system. We classify hybrid automata acoording to what questions about their behavior can be answered algorithmically. The classification reveals structure on mixed discretecontinuous state spaces that was previously studied on purely discrete state spaces only. In particular, various classes of hybrid automata induce finitary trace equivalence (or similarity, or bisimilarity) relations on an uncountable state space, thus permitting the application of various modelchecking techniques that were originally developed for finitestate systems.
HyTech: A Model Checker for Hybrid Systems
 Software Tools for Technology Transfer
, 1997
"... A hybrid system is a dynamical system whose behavior exhibits both discrete and continuous change. A hybrid automaton is a mathematical model for hybrid systems, which combines, in a single formalism, automaton transitions for capturing discrete change with differential equations for capturing conti ..."
Abstract

Cited by 473 (6 self)
 Add to MetaCart
A hybrid system is a dynamical system whose behavior exhibits both discrete and continuous change. A hybrid automaton is a mathematical model for hybrid systems, which combines, in a single formalism, automaton transitions for capturing discrete change with differential equations for capturing continuous change. HyTech is a symbolic model checker for linear hybrid automata, a subclass of hybrid automata that can be analyzed automatically by computing with polyhedral state sets. A key feature of HyTech is its ability to perform parametric analysis, i.e. to determine the values of design parameters for which a linear hybrid automaton satisfies a temporallogic requirement. 1 Introduction A hybrid system typically consists of a collection of digital programs that interact with each other and with an analog environment. Examples of hybrid systems include manufacturing controllers, automotive and flight controllers, medical equipment, microelectromechanical systems, and robots. When thes...
Formal Methods: State of the Art and Future Directions
 ACM Computing Surveys
, 1996
"... ing with credit is permitted. To copy otherwise, to republish, to post on servers, to redistribute to lists, or to use any component of this work in other works, requires prior specific permission and/or a fee. Permissions may be requested from Publications Dept, ACM Inc., 1515 Broadway, New York, N ..."
Abstract

Cited by 425 (6 self)
 Add to MetaCart
ing with credit is permitted. To copy otherwise, to republish, to post on servers, to redistribute to lists, or to use any component of this work in other works, requires prior specific permission and/or a fee. Permissions may be requested from Publications Dept, ACM Inc., 1515 Broadway, New York, NY 10036 USA, fax +1 (212) 8690481, or permissions@acm.org. 2 \Delta E.M. Clarke and J.M. Wing About ProgramsMechanical verification, Specification techniques; F.4.1 [Mathematical Logic and Formal Languages]: Mathematical LogicMechanical theorem proving General Terms: Software engineering, formal methods, hardware verification Additional Key Words and Phrases: Software specification, model checking, theorem proving 1. INTRODUCTION Hardware and software systems will inevitably grow in scale and functionality. Because of this increase in complexity, the likelihood of subtle errors is much greater. Moreover, some of these errors may cause catastrophic loss of money, time, or even huma...
What's Decidable about Hybrid Automata?
 Journal of Computer and System Sciences
, 1995
"... . Hybrid automata model systems with both digital and analog components, such as embedded control programs. Many verification tasks for such programs can be expressed as reachability problems for hybrid automata. By improving on previous decidability and undecidability results, we identify a boundar ..."
Abstract

Cited by 377 (16 self)
 Add to MetaCart
(Show Context)
. Hybrid automata model systems with both digital and analog components, such as embedded control programs. Many verification tasks for such programs can be expressed as reachability problems for hybrid automata. By improving on previous decidability and undecidability results, we identify a boundary between decidability and undecidability for the reachability problem of hybrid automata. On the positive side, we give an (optimal) PSPACE reachability algorithm for the case of initialized rectangular automata, where all analog variables follow independent trajectories within piecewiselinear envelopes and are reinitialized whenever the envelope changes. Our algorithm is based on the construction of a timed automaton that contains all reachability information about a given initialized rectangular automaton. The translation has practical significance for verification, because it guarantees the termination of symbolic procedures for the reachability analysis of initialized rectangular autom...
A generic process algebra
 Proc. of the Workshop Essays on Algebraic Process Calculi (APC 25), volume 162 of Electr. Notes Theor. Comput. Sci
, 2006
"... Process algebra is the study of distributed or parallel systems by algebraic means. Originating in computer science, process algebra has been extended in recent years to encompass not just discreteevent systems, but also continuously evolving phenomena, resulting in socalled hybrid process algebra ..."
Abstract

Cited by 253 (22 self)
 Add to MetaCart
Process algebra is the study of distributed or parallel systems by algebraic means. Originating in computer science, process algebra has been extended in recent years to encompass not just discreteevent systems, but also continuously evolving phenomena, resulting in socalled hybrid process algebras. A hybrid process algebra can be used for the specification, simulation, control and verification of embedded systems in combination with their environment, and for any dynamic system in general. As the vehicle of our exposition, we use the hybrid process algebra χ (Chi). The syntax and semantics of χ are discussed, and it is explained how equational reasoning simplifies tool implementations for simulation and verification. A bottle filling line example is introduced to illustrate system analysis by means of equational reasoning.
Computing Simulations on Finite and Infinite Graphs
, 1996
"... . We present algorithms for computing similarity relations of labeled graphs. Similarity relations have applications for the refinement and verification of reactive systems. For finite graphs, we present an O(mn) algorithm for computing the similarity relation of a graph with n vertices and m edges ..."
Abstract

Cited by 195 (7 self)
 Add to MetaCart
(Show Context)
. We present algorithms for computing similarity relations of labeled graphs. Similarity relations have applications for the refinement and verification of reactive systems. For finite graphs, we present an O(mn) algorithm for computing the similarity relation of a graph with n vertices and m edges (assuming m n). For effectively presented infinite graphs, we present a symbolic similaritychecking procedure that terminates if a finite similarity relation exists. We show that 2D rectangular automata, which model discrete reactive systems with continuous environments, define effectively presented infinite graphs with finite similarity relations. It follows that the refinement problem and the 8CTL modelchecking problem are decidable for 2D rectangular automata. 1 Introduction A labeled graph G = (V; E;A; hh\Deltaii) consist of a (possibly infinite) set V of vertices, a set E ` V 2 of edges, a set A of labels, and a function hh\Deltaii : V ! A that maps each vertex v to a label hh...
A user guide to HYTECH
, 1995
"... HyTech is a tool for the automated analysis of embedded systems. This document, designed for the rsttime user of HyTech, guides the reader through the underlying system model, and through the input language for describing and analyzing systems. The guide gives installation instructions, several exa ..."
Abstract

Cited by 158 (4 self)
 Add to MetaCart
HyTech is a tool for the automated analysis of embedded systems. This document, designed for the rsttime user of HyTech, guides the reader through the underlying system model, and through the input language for describing and analyzing systems. The guide gives installation instructions, several examples of usage, some hints for gaining maximal computational e ciency from the tool, and the complete grammar for the input language. This guide describes version 1.04 of HyTech. The latest update occurred in October 1996 1. HyTech is available through the WorldWide Web at
Algorithmic analysis of nonlinear hybrid systems
 in Proc. CAV 95: Computeraided Verification, Lecture Notes in Computer Science
, 1995
"... Abstract—Hybrid systems are digital realtime systems that are embedded in analog environments. Modelchecking tools are available for the automatic analysis of linear hybrid automata, whose environment variables are subject to piecewiseconstant polyhedral differential inclusions. In most embedded ..."
Abstract

Cited by 138 (13 self)
 Add to MetaCart
(Show Context)
Abstract—Hybrid systems are digital realtime systems that are embedded in analog environments. Modelchecking tools are available for the automatic analysis of linear hybrid automata, whose environment variables are subject to piecewiseconstant polyhedral differential inclusions. In most embedded systems, however, the environment variables have differential inclusions that vary with the values of the variables, e.g., _x = x. Such inclusions are prohibited in the linear hybrid automaton model. We present two methods for translating nonlinear hybrid systems into linear hybrid automata. Properties of the nonlinear systems can then be inferred from the automatic analysis of the translated linear hybrid automata. The first method, called clock translation, replaces constraints on nonlinear variables by constraints on clock variables. The clock translation is efficient but has limited applicability. The second method, called linear phaseportrait approximation, conservatively overapproximates the phase portrait of a hybrid automaton using piecewiseconstant polyhedral differential inclusions. Both methods are sound for safety properties; that is, if we establish a safety property of the translated linear system, we may conclude that the original nonlinear system satisfies the property. When applicable, the clock translation is also complete for safety properties; that is, the original system and the translated system satisfy the same safety properties. The phaseportrait approximation method is not complete for safety properties, but it is asymptotically complete; intuitively, for every safety property, and for every relaxed nonlinear system arbitrarily close to the original, if the relaxed system satisfies the safety property, then there is a linear phaseportrait approximation that also satisfies the property. We illustrate both methods by using HYTECH—a symbolic model checker for linear hybrid automata—to automatically check properties of a nonlinear temperature controller and of a predator–prey ecology. Index Terms — Clock translation, formal verification, hybrid systems, HYTECH, linear hybrid automata, model checking, phaseportrait approximation, predator–prey ecologies.